PT-2019-14951 · Zoho · Zoho Manageengine Datasecurity Plus

Dominique Righetto

Publicado

2019-10-09

Atualizado

2019-11-20

CVE-2019-17112

CVSS v3.1

4.3

Média

Vetor

AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine DataSecurity Plus versions prior to 5.0.1 5012

Description An issue was discovered that allows a basic user with "Operator" access level to access the configuration file of the mail server, excluding the password, due to an exposed service.

Recommendations For versions prior to 5.0.1 5012, update to version 5.0.1 5012 or later to resolve the issue.

Correção

Files Accessible to External Parties

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552

Identificadores relacionados

CVE-2019-17112

Produtos afetados

Zoho Manageengine Datasecurity Plus

PT-2019-14951 · Zoho · Zoho Manageengine Datasecurity Plus

CVE-2019-17112

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4